Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[nping] show RCVD hex dump on -vvv

From: Vasiliy Kulikov <segooon () gmail com>
Date: Fri, 12 Aug 2011 16:14:50 +0400
Hi,

This is a fix of a bug from nping TODO list:

When running Nping in ARP mode, hexdump of ARP replies is not shown with
-vvv, only for requests.

With the patch:

    $ sudo ./nping/nping --arp 192.168.1.1 -vvv -d1

    Starting Nping 0.5.59BETA1 ( http://nmap.org/nping ) at 2011-08-12 16:12 MSD
    BPF-filter: arp and arp[6]==0x00 and arp[7]==0x02
    SENT (0.0908s) ARP who has 192.168.1.1? Tell 192.168.1.21
    0000   ff ff ff ff ff ff 00 21  63 2b bd b6 08 06 00 01  .......!c+......
    0010   08 00 06 04 00 01 00 21  63 2b bd b6 c0 a8 01 15  .......!c+......
    0020   00 00 00 00 00 00 c0 a8  01 01                    ..........      
    RCVD (0.0932s) ARP reply 192.168.1.1 is at 00:13:49:9C:FE:EE
    0000   00 01 08 00 06 04 00 02  00 13 49 9c fe ee c0 a8  ..........I.....
    0010   01 01 00 21 63 2b bd b6  c0 a8 01 15 40 00 3f 06  ...!c+......@.?.
    0020   36 4e 55 8c 10 a7 42 f0  ce 5d 2c 15 01 bb        6NU...B..],...  

Without the patch:

    $ sudo ./nping/nping --arp 192.168.1.1 -vvv -d1

    Starting Nping 0.5.59BETA1 ( http://nmap.org/nping ) at 2011-08-12 16:14 MSD
    BPF-filter: arp and arp[6]==0x00 and arp[7]==0x02
    SENT (0.0885s) ARP who has 192.168.1.1? Tell 192.168.1.21
    0000   ff ff ff ff ff ff 00 21  63 2b bd b6 08 06 00 01  .......!c+......
    0010   08 00 06 04 00 01 00 21  63 2b bd b6 c0 a8 01 15  .......!c+......
    0020   00 00 00 00 00 00 c0 a8  01 01                    ..........      
    RCVD (0.0914s) ARP reply 192.168.1.1 is at 00:13:49:9C:FE:EE
    SENT (1.0899s) ARP who has 192.168.1.1? Tell 192.168.1.21
    0000   ff ff ff ff ff ff 00 21  63 2b bd b6 08 06 00 01  .......!c+......
    0010   08 00 06 04 00 01 00 21  63 2b bd b6 c0 a8 01 15  .......!c+......
    0020   00 00 00 00 00 00 c0 a8  01 01                    ..........      
    RCVD (1.0914s) ARP reply 192.168.1.1 is at 00:13:49:9C:FE:EE



Index: ProbeMode.cc
===================================================================
--- ProbeMode.cc        (revision 25735)
+++ ProbeMode.cc        (working copy)
@@ -1654,6 +1654,7 @@
                 getPacketStrInfo("ARP",(const u8*)packet, packetlen, buffer, 512);
                 outPrint(VB_0, "RCVD (%.4fs) %s", o.stats.elapsedRuntime(t), buffer );
                 o.stats.addRecvPacket(packetlen);
+                print_hexdump(VB_3 | NO_NEWLINE, packet, packetlen);
                 /* TODO: find target and call setProbeRecvARP() */
             }
 
-- 
Vasiliy
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: